Ransomware has caused escalating financial losses for individuals and companies, increasing annually. To combat this, we present Time Machine, a real-time, fine-grained sector-level live view navigation solution designed to safeguard filesystems from ...

Ransomware has evolved from an economic nuisance to a national security threat nowadays, which poses a significant risk to users. To address this problem, we propose RansomTag, a tag-based approach against crypto ransomware with fine-grained data ...

The flexibility of eBPF makes it widely used in performance, security, and monitoring. However, this flexibility is a double-edged sword, allowing attackers to use eBPF for malicious purposes. Security researchers have discovered multiple backdoors ...

In the automotive sector, one easily looks into two decades of software maintenance at the vehicle level. During this time, either the processor-specific version of the potentially complex operating system (OS) kernel in use has to be patched or ...

Cloud computing facilitates resource sharing among multiple users. Although sharing leads to the effective utilization of resources, it raises many security concerns. Hence, virtualization-enabled processors, which are used in cloud computing, are ...

Software analysis, debugging, and reverse engineering have a crucial impact in today's software industry. Efficient and stealthy debuggers are especially relevant for malware analysis. However, existing debugging platforms fail to address a transparent, ...

Unikernels are on the rise in the cloud. These lightweight virtual machines (VMs) specialized to a single application offer the same level of isolation as full-blown VMs, while providing performance superior to standard Linux-based VMs or even to ...

Cloud systems continue to rise in popularity due to their ability to provide access to flexible, scalable systems to be shared among all their users. Several tasks can be executed simultaneously within a server, but have varying requirements for ...

Converged multi-level secure (MLS) systems, such as Qubes OS or SecureView, heavily rely on virtualization and service virtual machines (VMs). Traditionally, driver domains - isolated VMs that run device drivers - and daemon VMs use full-blown general-...

The operational and capital costs of diverse proprietary network appliances are increasing day by day. It is causing problems of network ossification for service providers. Service providers are under pressure to offer these network services while keeping ...

Information leakage and memory disclosure are major threats to the security in modern computer systems. If an attacker is able to obtain the binary-code of an application, it is possible to reverse-engineer the source-code, uncover vulnerabilities, craft ...

With the wide application and deployment of cloud computing in enterprises, virtualization developers and security researchers are paying more attention to cloud computing security. The core component of cloud computing products is the hypervisor, which ...

In this cloud computing era, the security of hypervisors is critical to the overall security of the cloud. In particular, the security of CPU virtualization in hypervisors is paramount because it is implemented in the most privileged CPU mode. Blackbox ...

This paper presents the concept of sharing a hypervisor address space with a standard Linux program. In this work, we add hypervisor awareness to the Linux kernel and execute code in the HYP exception level through using the hyplet. The hyplet is an ...

System-level Dynamic Binary Translation (DBT) provides the capability to boot an Operating System (OS) and execute programs compiled for an Instruction Set Architecture (ISA) different from that of the host machine. Due to their performance-critical ...

Virtualization-based technologies have become ubiquitous in computing. While they provide an easy-to-implement platform for scalable, high-availability services, they also introduce new security issues. Traditionally, discussions on security ...

Hypervisor implementations such as XMHF, Nova, PROSPER, prplHypervisor, the various L4 descendants, as well as KVM and Xen offer mechanisms for dynamic startup and reconfiguration, including the allocation, delegation and destruction of objects and ...

A rootkit is a piece of code that aims to manipulate the computer behaviour without being detected. Rootkits are mainly used to disable kernel self-protection, hide malware presence, provide a covert communication channel between malware and their ...

Bare-metal cloud platforms allow customers to rent remote physical servers and install their preferred operating systems and software to make the best of servers' raw hardware capabilities. However, this quest for bare-metal performance compromises ...

Autonomous vehicles use cyber-physical systems to provide comfort and safety to passengers. Design of safety mechanisms for such systems is hindered by the growing quantity and complexity of SoCs (System-on-a-Chip) and software stacks required for ...